diff options
author | Shehjar Tikoo <shehjart@gluster.com> | 2010-12-20 00:24:33 +0000 |
---|---|---|
committer | Anand V. Avati <avati@dev.gluster.com> | 2010-12-27 20:51:05 -0800 |
commit | 48f3faaa492b7a6f93e1f3d79cb66b34fd080468 (patch) | |
tree | b33be507c9ce669a85fed66feaa9de9ef0ea2ae6 /xlators/nfs/server/src | |
parent | d0fff8965875ed7e7cee223bd2c7b12df10cb6d7 (diff) |
nfs3: Access cbk must account for auxgids on group access checks
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 2045 (Write permission denied for non-primary group membership)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2045
Diffstat (limited to 'xlators/nfs/server/src')
-rw-r--r-- | xlators/nfs/server/src/nfs3-helpers.c | 21 | ||||
-rw-r--r-- | xlators/nfs/server/src/nfs3-helpers.h | 2 | ||||
-rw-r--r-- | xlators/nfs/server/src/nfs3.c | 6 |
3 files changed, 23 insertions, 6 deletions
diff --git a/xlators/nfs/server/src/nfs3-helpers.c b/xlators/nfs/server/src/nfs3-helpers.c index dabcdc82ea7..a74a9041290 100644 --- a/xlators/nfs/server/src/nfs3-helpers.c +++ b/xlators/nfs/server/src/nfs3-helpers.c @@ -677,20 +677,33 @@ nfs3_superuser_accessbits (ia_prot_t prot, ia_type_t type, uint32_t request) uint32_t nfs3_stat_to_accessbits (struct iatt *buf, uint32_t request, uid_t uid, - gid_t gid) + gid_t gid, gid_t *auxgids, int gids) { uint32_t accresult = 0; ia_prot_t prot = {0, }; ia_type_t type = 0; + int testgid = -1; + int x = 0; prot = buf->ia_prot; type = buf->ia_type; + if (buf->ia_gid == gid) + testgid = gid; + else { + for (; x < gids; ++x) { + if (buf->ia_gid == auxgids[x]) { + testgid = buf->ia_gid; + break; + } + } + } + if (uid == 0) accresult = nfs3_superuser_accessbits (prot, type, request); else if (buf->ia_uid == uid) accresult = nfs3_owner_accessbits (prot, type, request); - else if (buf->ia_gid == gid) + else if ((testgid != -1) && (buf->ia_gid == testgid)) accresult = nfs3_group_accessbits (prot, type, request); else accresult = nfs3_other_accessbits (prot, type, request); @@ -702,7 +715,7 @@ nfs3_stat_to_accessbits (struct iatt *buf, uint32_t request, uid_t uid, void nfs3_fill_access3res (access3res *res, nfsstat3 status, struct iatt *buf, uint32_t accbits, uid_t uid, gid_t gid, - uint64_t deviceid) + uint64_t deviceid, gid_t *gidarr, int gids) { post_op_attr objattr; uint32_t accres = 0; @@ -714,7 +727,7 @@ nfs3_fill_access3res (access3res *res, nfsstat3 status, struct iatt *buf, nfs3_map_deviceid_to_statdev (buf, deviceid); objattr = nfs3_stat_to_post_op_attr (buf); - accres = nfs3_stat_to_accessbits (buf, accbits, uid, gid); + accres = nfs3_stat_to_accessbits (buf, accbits, uid, gid, gidarr, gids); res->access3res_u.resok.obj_attributes = objattr; res->access3res_u.resok.access = accres; diff --git a/xlators/nfs/server/src/nfs3-helpers.h b/xlators/nfs/server/src/nfs3-helpers.h index 7281dbb7d24..8fb11ff15d1 100644 --- a/xlators/nfs/server/src/nfs3-helpers.h +++ b/xlators/nfs/server/src/nfs3-helpers.h @@ -101,7 +101,7 @@ nfs3_prep_access3args (access3args *args, struct nfs3_fh *fh); extern void nfs3_fill_access3res (access3res *res, nfsstat3 status, struct iatt *buf, uint32_t accbits, uid_t uid, gid_t gid, - uint64_t deviceid); + uint64_t deviceid, gid_t *auxgids, int gids); extern char * nfs3_fhcache_getpath (struct nfs3_state *nfs3, struct nfs3_fh *fh); diff --git a/xlators/nfs/server/src/nfs3.c b/xlators/nfs/server/src/nfs3.c index 443ec5265d8..46f7f7c5ce2 100644 --- a/xlators/nfs/server/src/nfs3.c +++ b/xlators/nfs/server/src/nfs3.c @@ -1320,11 +1320,15 @@ nfs3_access_reply (rpcsvc_request_t *req, nfsstat3 status, struct iatt *buf, { access3res res; uint64_t deviceid = 0; + gid_t *gidarr = NULL; + int gids = 0; deviceid = nfs3_request_xlator_deviceid (req); + gidarr = nfs_rpcsvc_auth_unix_auxgids (req, &gids); nfs3_fill_access3res (&res, status, buf, accbits, nfs_rpcsvc_request_uid (req), - nfs_rpcsvc_request_gid (req), deviceid); + nfs_rpcsvc_request_gid (req), deviceid, gidarr, + gids); nfs3svc_submit_reply (req, &res, (nfs3_serializer)xdr_serialize_access3res); return 0; |